A newly discovered cryptomining campaign, called Drive-by Cryptomining, targeted millions of Android users to mine Monero coins. The campaign started around November 2017 and uses different types of malicious domains.

The malicious, lucrative payloads are distributed by a particular hacking group that mainly abuses Android users' devices to mine the Monero cryptocurrency.

For the past few years, cryptocurrency mining has been a very easy way for cyber criminals to generate huge revenue by hijacking the web browser, injecting a malicious script and taking control of the victim's CPU usage.

Drive-by cryptomining is an automated process that needs no user interaction: it runs on the victim's device and silently carries out its mining operation.

How Does This Drive-by Cryptomining Redirect Users?

In this case, when users visit the attacker's website, it shows a fake notification claiming that “your device is showing suspicious surfing behaviour” and presents a CAPTCHA to solve in order to prove that they aren’t bots, and users are urged to solve it.

Once users solve the CAPTCHA by entering the code and pressing Continue, their devices will suddenly be mining Monero at full speed, using the complete processing power of the device.

Researchers who analyzed the code behind this operation found that it redirects to a Google page to make users believe that they are not a bot.

According to Malwarebytes, it’s possible that this particular campaign is going after low quality traffic—but not necessarily bots—and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner.

There are many domains that use the same CAPTCHA code to mine Monero, and the very first domain was registered in Nov 2017.

Domain name, registration date

Apart from this, traffic to a few of the domains is rising extremely high within a short period of time, and each domain's traffic is estimated at 8,00,000 visitors per day and more than 30 million visitors per month.

“It is difficult to determine how much Monero currency this operation is currently yielding without knowing how many other domains (and therefore total traffic) are out there. Because of the low hash rate and the limited time spent mining, we estimate this scheme is probably only netting a few thousand dollars each month,” Malwarebytes said.
